From d4b8e23d94287788513688c93d8e02429e234788 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sat, 19 Aug 2023 12:15:50 +1000
Subject: [PATCH 1/4] test: add test case for 750 This adds a test case proving #750
---
 authorize_helper_whitebox_test.go | 66 +++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 authorize_helper_whitebox_test.go
diff --git a/authorize_helper_whitebox_test.go b/authorize_helper_whitebox_test.go
new file mode 100644
index 000000000..de3a37c33
--- /dev/null
+++ b/authorize_helper_whitebox_test.go
@@ -0,0 +1,66 @@
+package fosite
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestIsLookbackAddress(t *testing.T) {
+ testCases := []struct {
+ name string
+ have string
+ expected bool
+ }{
+ {
+ "ShouldReturnTrueIPv4Loopback",
+ "127.0.0.1",
+ true,
+ },
+ {
+ "ShouldReturnTrueIPv4LoopbackWithPort",
+ "127.0.0.1:1230",
+ true,
+ },
+ {
+ "ShouldReturnTrueIPv6Loopback",
+ "[::1]",
+ true,
+ },
+ {
+ "ShouldReturnTrueIPv6LoopbackWithPort",
+ "[::1]:1230",
+ true,
+ }, {
+ "ShouldReturnFalse12700255",
+ "127.0.0.255",
+ false,
+ },
+ {
+ "ShouldReturnTrue12700255WithPort",
+ "127.0.0.255:1230",
+ false,
+ },
+ {
+ "ShouldReturnFalseInvalidFourthOctet",
+ "127.0.0.11230",
+ false,
+ },
+ {
+ "ShouldReturnFalseInvalidIPv4",
+ "127x0x0x11230",
+ false,
+ },
+ {
+ "ShouldReturnFalseInvalidIPv6",
+ "[::1]1230",
+ false,
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ assert.Equal(t, tc.expected, isLoopbackAddress(tc.have))
+ })
+ }
+}
From e62a7db1ff88caff8567a7b7dcedc441b7bf58e4 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sat, 19 Aug 2023 12:40:25 +1000
Subject: [PATCH 2/4] fix: isloopback returns true incorrectly This fixes an issue where isLookbackAddress returns true incorrectly.
---
 authorize_helper.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
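Review bot: The table in `TestIsLookbackAddress` (authorize_helper_whitebox_test.go) has no case for a host that ends in a bare colon with no port digits, such as `"127.0.0.1:"` or `"[::1]:"`. The pattern this series replaces, with its `(:?)(\d*)` tail, accepts that form, while the new `(:\d+)?` tail rejects it, so the outcome changes with no test pinning it. If rejection is intended, an entry like `{"ShouldReturnFalseIPv4LoopbackEmptyPort", "127.0.0.1:", false},` plus the `[::1]:` equivalent would make that explicit. The test name also reads `Lookback` where the function under test is `isLoopbackAddress`; `func TestIsLoopbackAddress(t *testing.T) {` would match it.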
diff --git a/authorize_helper.go b/authorize_helper.go
index 10422155a..3293175fc 100644
--- a/authorize_helper.go
+++ b/authorize_helper.go
@@ -141,11 +141,14 @@ func isMatchingAsLoopback(requested *url.URL, registeredURI string) bool {
 return false
 }

+var (
+ regexLoopbackAddress = regexp.MustCompile(`^(127\.0\.0\.1|\[::1])(:\d+)?$`)
+)
+
 // Check if address is either an IPv4 loopback or an IPv6 loopback-
 // An optional port is ignored
 func isLoopbackAddress(address string) bool {
- match, _ := regexp.MatchString("^(127.0.0.1|\\[::1\\])(:?)(\\d*)$", address)
- return match
+ return regexLoopbackAddress.MatchString(address)
 }

 // IsValidRedirectURI validates a redirect_uri as specified in:
From 411ff2497d722c6266b34f996f60fefe80879541 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sun, 20 Aug 2023 13:26:39 +1000
Subject: [PATCH 3/4] Update authorize_helper_whitebox_test.go
Co-authored-by: Patrick Dawkins
---
 authorize_helper_whitebox_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/authorize_helper_whitebox_test.go b/authorize_helper_whitebox_test.go
index de3a37c33..35f95b669 100644
--- a/authorize_helper_whitebox_test.go
+++ b/authorize_helper_whitebox_test.go
@@ -37,7 +37,7 @@ func TestIsLookbackAddress(t *testing.T) {
 false,
 },
 {
- "ShouldReturnTrue12700255WithPort",
+ "ShouldReturnFalse12700255WithPort",
 "127.0.0.255:1230",
 false,
 },
From 8831c902c2aecb0be8e37798dd12e7baf2a99e83 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Tue, 22 Aug 2023 11:16:05 +0200
Subject: [PATCH 4/4] chore: synchronize workspaces
---
 authorize_helper_whitebox_test.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/authorize_helper_whitebox_test.go b/authorize_helper_whitebox_test.go
index 35f95b669..13a54aa31 100644
--- a/authorize_helper_whitebox_test.go
+++ b/authorize_helper_whitebox_test.go
@@ -1,3 +1,6 @@
+// Copyright © 2023 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package fosite

 import (
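Review bot: The comment above `isLoopbackAddress` in authorize_helper.go is left unchanged and still describes the check as "an IPv4 loopback or an IPv6 loopback", while the new pattern accepts only the two literals `127.0.0.1` and `[::1]`, each optionally followed by `:` and digits. The tests in this series expect `127.0.0.255` to be rejected, so the narrow set looks deliberate and should be stated where the check lives, since it appears to gate loopback redirect URI matching. A replacement such as `// isLoopbackAddress reports whether address is exactly 127.0.0.1 or [::1], optionally followed by :port.` with a second line `// Other 127.0.0.0/8 addresses and hostnames are rejected.` would do. The port group `(:\d+)?` also places no bound on the digit count; this is probably harmless if callers pass the host of an already parsed URL, which the hunk does not show.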